socket-nginx代理

一般情况下，我们使用nginx都是使用的http代理，即再http{…}模块下配置server请求。

socket使用的是TCP/IP协议，编译安装nginx必须启用–with-stream模块。在stream中配置请求转发

./configure  --prefix=/usr/local/nginx --with-stream

1	./configure --prefix=/usr/local/nginx --with-stream

因为使用的容器来配置的nginx，默认是已经有了–with-stream模块，我们直接在nginx.conf中配置stream{…}模块即可

1.在配置文件nginx.conf中加stream模块

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

#http请求模块
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

#添加stream socket模块
stream {

	log_format proxy '$remote_addr - [$time_local] '
					'$protocol $status $bytes_sent $bytes_received '
					'$session_time "$upstream_addr" '
					'"$upstream_bytes_sent" "$upstream_bytes_received"                 
					"$upstream_connect_time" '
					'$remote_addr $remote_port $server_addr $server_port';
 
    # 后端指向redis哨兵服务的端口 stream_backend 组
    #upstream stream_backend {
    #     server redis-sentinel-1:26379;
    #     server redis-sentinel-2:26380;
    #	 server redis-sentinel-3:26381;
    #}
    upstream stream_backend {
         server 192.168.66.180:26379;
         server 192.168.66.180:26380;
	 server 192.168.66.180:26381;
    }

	server {
        #本机监听端口26378
        listen	26378;
        proxy_pass	stream_backend; #请求抛给 stream_backend 组
        access_log logs/seninel.access.log proxy;
    }

	include ./conf.d/*.tcpstream;
}

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log notice;

pid /var/run/nginx.pid;

events {

worker_connections 1024;

}

#http请求模块

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;

}

#添加stream socket模块

stream {

log_format proxy '$remote_addr - [$time_local] '

'$protocol $status $bytes_sent $bytes_received '

'$session_time "$upstream_addr" '

'"$upstream_bytes_sent" "$upstream_bytes_received"

"$upstream_connect_time" '

'$remote_addr $remote_port $server_addr $server_port';

# 后端指向redis哨兵服务的端口 stream_backend 组

#upstream stream_backend {

# server redis-sentinel-1:26379;

# server redis-sentinel-2:26380;

# server redis-sentinel-3:26381;

upstream stream_backend {

server 192.168.66.180:26379;

server 192.168.66.180:26380;

server 192.168.66.180:26381;

}

server {

#本机监听端口26378

listen 26378;

proxy_pass stream_backend; #请求抛给 stream_backend 组

access_log logs/seninel.access.log proxy;

}

include ./conf.d/*.tcpstream;

}

使用上面的nginx.conf配置文件启动nginx容器

#这里注意下如果上面配置文件负载使用的是docker服务名称，这里启动注意要和服务在同一个网络，如果是ip则不用设置network

docker run -d -p 80:80 -p 26378:26378 --name nginx -v /wwwroot:/var/www -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf -v /etc/nginx/logs/:/etc/nginx/logs --network=redis_default --restart=always nginx


docker run -d -p 80:80 -p 26378:26378 --name nginx -v /wwwroot:/var/www -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf -v /etc/nginx/logs/:/etc/nginx/logs --restart=always nginx

#这里注意下如果上面配置文件负载使用的是docker服务名称，这里启动注意要和服务在同一个网络，如果是ip则不用设置network

docker run -d -p 80:80 -p 26378:26378 --name nginx -v /wwwroot:/var/www -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf -v /etc/nginx/logs/:/etc/nginx/logs --network=redis_default --restart=always nginx

docker run -d -p 80:80 -p 26378:26378 --name nginx -v /wwwroot:/var/www -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf -v /etc/nginx/logs/:/etc/nginx/logs --restart=always nginx

使用 curl测试 websocket

curl --no-buffer -H 'Connection: keep-alive, Upgrade' -H 'Upgrade: websocket' -v -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: websocket' http://192.168.66.180:26378 ws | od -t c


curl --include \
     --no-buffer \
     --header "Connection: Upgrade" \
     --header "Upgrade: websocket" \
     --header "Host: 192.168.66.180:26378" \
     --header "Origin: http://192.168.66.180:26378" \
     --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
     --header "Sec-WebSocket-Version: 13" \
     http://192.168.66.180:26378/

curl --no-buffer -H 'Connection: keep-alive, Upgrade' -H 'Upgrade: websocket' -v -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: websocket' http://192.168.66.180:26378 ws | od -t c

curl --include \

--no-buffer \

--header "Connection: Upgrade" \

--header "Upgrade: websocket" \

--header "Host: 192.168.66.180:26378" \

--header "Origin: http://192.168.66.180:26378" \

--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \

--header "Sec-WebSocket-Version: 13" \

http://192.168.66.180:26378/

官方stream TCP/UDP

stream {
    upstream stream_backend {
        least_conn;
        server backend1.example.com:12345 weight=5;
        server backend2.example.com:12345 max_fails=2 fail_timeout=30s;
        server backend3.example.com:12345 max_conns=3;
    }
    
    upstream dns_servers {
        least_conn;
        server 192.168.136.130:53;
        server 192.168.136.131:53;
        server 192.168.136.132:53;
    }
    
    server {
        listen        12345;
        proxy_pass    stream_backend;
        proxy_timeout 3s;
        proxy_connect_timeout 1s;
    }
    
    server {
        listen     53 udp;
        proxy_pass dns_servers;
    }
    
    server {
        listen     12346;
        proxy_pass backend4.example.com:12346;
    }
}

stream {

upstream stream_backend {

least_conn;

server backend1.example.com:12345 weight=5;

server backend2.example.com:12345 max_fails=2 fail_timeout=30s;

server backend3.example.com:12345 max_conns=3;

}

upstream dns_servers {

least_conn;

server 192.168.136.130:53;

server 192.168.136.131:53;

server 192.168.136.132:53;

}

server {

listen 12345;

proxy_pass stream_backend;

proxy_timeout 3s;

proxy_connect_timeout 1s;

}

server {

listen 53 udp;

proxy_pass dns_servers;

}

server {

listen 12346;

proxy_pass backend4.example.com:12346;

}

解决nginx转发websocket

问题：websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' head
#grafana反向代理遇到此问题
granfana 反向代理或负载平衡器未正确传递WebSocket请求时，就会出现此问题

问题：websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' head

#grafana反向代理遇到此问题

granfana 反向代理或负载平衡器未正确传递WebSocket请求时，就会出现此问题

    server{
        listen  3000;
        server_name loki.xiaozikeji.cn;
        location / {
            proxy_pass http://192.168.0.210:3000;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 60;
            proxy_read_timeout 600;
            proxy_send_timeout 600;
        }
    }

server{

listen 3000;

server_name loki.xiaozikeji.cn;

location / {

proxy_pass http://192.168.0.210:3000;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 60;

proxy_read_timeout 600;

proxy_send_timeout 600;

}

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 60;
            proxy_read_timeout 600;
            proxy_send_timeout 600;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 60;

proxy_read_timeout 600;

proxy_send_timeout 600;

#参考：https://blog.csdn.net/qq_32448349/article/details/100705987

1	#参考：https://blog.csdn.net/qq_32448349/article/details/100705987

本文固定链接: https://www.yoyoask.com/?p=6038
转载请注明: shooter 2019年06月17日于 SHOOTER 发表

最后编辑：2022-04-29

作者：shooter

这个作者貌似有点懒，什么都没有留下。

站内专栏

您可能还会对这些文章感兴趣！